(57) Abstract

A technique for logically connecting local area networks (LANs) that may be separated by wide area networks containing routers and other network components. A logical link is formed between two bridge-like devices called tunnelers, such that, once a tunnel has been established between two LANs, other devices on the LANs can communicate as if the tunnel were a bridge. The tunneling mechanism of the invention requires that each LAN or extended LAN have only one active tunneler at any particular time, referred to as the designated tunneler, and each of the tunnelers is configured to have knowledge of the identities of the other tunnelers. A tunnel is established after a successful exchange of messages between two tunnelers, and then traffic may be forwarded through the tunnel in a transparent
mation of closed communication loops. An alternate embodiment of the invention optimizes the configuration process for particular network topologies.
METHOD AND APPARATUS FOR TRANSPARENTLY BRIDGING TRAFFIC ACROSS WIDE AREA NETWORKS

BACKGROUND OF THE INVENTION 

This invention relates generally to interconnected networks of computers and related devices and, more particularly, to techniques facilitating communication between stations connected to widely separated local area networks (LANs). A local area network includes a set of stations or nodes connected to a common communication bus or ring. Typically, all elements of a single LAN are located in a single building or group of buildings. Multiple LANs are often connected together by devices called bridges, to form an extended LAN. A bridge is a device that is connected to more than one LAN, "listens" to message traffic on each of its LANs, and forwards the traffic onto selected other LANs. The bridge message forwarding operation is limited by a spanning tree algorithm in which all bridges participate. Messages are forwarded only over a loop-free spanning tree, to avoid closed loops and multiple copies of messages. Message forwarding is further controlled by the bridge's "learning" function. Each bridge learns the directional locations of various stations that are the sources of messages it hears, and "remembers" these locations for future use in forwarding message traffic.

Multiple LANs and extended LANs may also be interconnected to form wide area networks (WANs). The mechanism through which extended LANs are interconnected is typically through devices such as routers. At a broad conceptual level, routers perform a similar task to bridges in that each router is connected to multiple LANs or extended LANs. However, the router operates at a different protocol layer (known as the network layer), and a router can be used for forwarding traffic only if the source of the traffic cooperates by using a network layer protocol that is understood by the router. A bridge, on the other hand, is a packet switch that is "transparent." A station that does not have a network layer protocol, or has a network layer protocol that is not implemented by the router, can use the bridge as a packet switch. Unfortunately, however, bridges have significant drawbacks that preclude their use in many contexts.

The most significant drawback of a bridge, as compared with a router, is that bridges use only a subset of the actual topology of the interconnected networks. In particular, redundant paths cannot be used, because to do so would result in closed loops and unwanted multiplication of message traffic. As already mentioned, to ensure a loop-free topology bridges participate in a spanning tree algorithm, which establishes a loop-free tree structure. If two extended LANs were to be interconnected by a bridge, the separate spanning trees of the two networks would have to be combined, forming one larger extended LAN. This might not be desirable from a network administration standpoint. Another important disadvantage of bridges is that they cannot forward traffic through a router, because the packets handled by the bridge do not necessarily have the appropriate network layer information needed to utilize the router. Also, since routers do not participate in the spanning tree algorithm, there is a possibility of forming loops in the topology if bridges were to forward traffic through routers.

In summary, neither routers nor bridges provide an ideal solution to the problems of forwarding message traffic over wide-area networks. Some communication protocols cannot work through routers, since routers support only certain network layer protocols. But bridges are limited, by the spanning tree algorithm, to a subset of the overall network topology, and cannot be used to forward traffic through routers that separate LANs. Application Serial No. 07/489,910, filed March 7, 1990, entitled "Utilization of Redundant Links in Bridged Networks" (which is owned by the assignee of the present application and identified by docket number PD90-0097), provides for the establishment of point-to-point links outside the spanning tree, but still does not permit forwarding of traffic through traditional routers.

What is needed is a new approach that permits traffic to be forwarded transparently across WANs, using more optimal routes and permitting the traffic to traverse traditional routers. The present invention satisfies this need.

Another way of viewing the problem that this invention solves is that, ideally, there should be some way to address messages directly to particular extended LANs. However, the addressing conventions that have evolved for interconnected networks do not include any convenient means for addressing extended LANs. What is needed, then, is some way of forwarding a message more directly to the extended LAN in which the message destination is located. The present invention also satisfies this need.
SUMMARY OF THE INVENTION

The present invention resides in a method and apparatus for logically interconnecting local area networks and extended local area networks, even if they are separated by wide area networks having traditional routers.

Briefly, the method of the invention includes the steps of providing a number of bridges with the capability to form "tunnels" between LANs that may be widely separated, these special bridges being referred to as tunnelers; then electing a unique designated tunneler for each extended LAN (XLAN) for which tunneling is to be provided. Each XLAN has no more than one designated tunneler, but a single tunneler may be designated by more than one XLAN. The next steps are configuring the tunnelers, by supplying each with information identifying other tunnelers with which a tunnel may be established, establishing at least one tunnel between two designated tunnelers by exchanging messages between the two tunnelers, if the configuration rules state that such a tunnel should exist, and then selectively forwarding message traffic through the established tunnel, from one LAN to another.

In a preferred embodiment of the invention, the step of electing a unique designated tunneler for each XLAN includes executing a spanning tree algorithm among all of the bridges connected to the XLAN, thereby electing a root bridge. Since not all bridges will necessarily have tunnel capability, some adjustment may be needed to bridge priorities used in the spanning tree algorithm, to ensure that the root bridge does have tunneling capability. In this way, the election of a designated tunneler is conveniently effected by means of the existing spanning tree algorithm.
The step of configuring the tunnelers includes supplying to each tunneler the identities of other tunnelers and the identities of ports through which the other tunnelers are connected to XLANs with which the ports are associated. The step of establishing a tunnel includes transmitting a greeting from a designated tunneler to each other tunneler that is a potential tunnel endpoint, receiving a message from one of the potential tunnel endpoints confirming that a tunnel may be established, and recording the successful establishment of a tunnel. Establishing a tunnel may also include the steps of transmitting a greeting to at least one backup tunneler after failing to receive a confirming message from the other designated tunneler; then receiving a message from the backup tunneler confirming that a tunnel may be established; and finally recording the successful establishment of the tunnel.

The step of selectively forwarding message traffic through the established tunnel includes the steps of receiving a message at a tunneler, and determining whether the message destination is known to the tunneler. If the destination is known, the method further includes the steps of determining whether a tunnel is required to reach this particular destination, and, if so, forwarding the message through the tunnel, if the tunnel has been established and the message is of a type authorized for forwarding through the tunnel.

If the destination is not known, a subsequent step in the method is determining whether the message was received from a tunnel. If so, the message is forwarded through a port defined as the tunnel endpoint. If the message was not received from a tunnel and the message destination is not known, the method further includes forwarding the message over all non-tunnel ports in the spanning tree, except the one through which the message was received, and forwarding the message through all established tunnels, if any, for which this tunneler is a sending endpoint, if the message is of a type authorized for transmission through the tunnel.

Forwarding a message through a tunnel includes the step of appending to the message a destination address comprising the address of a receiving endpoint tunneler of the tunnel, and a port identifier that also defines, in part, the receiving endpoint of the tunnel. Then the message is transmitted through an appropriate port to reach the receiving endpoint of the tunnel. If the message was received from a tunnel, the method further comprises the step of stripping the tunnel receiving endpoint address from the received message, before forwarding it through the tunnel receiving endpoint port.

In an alternate embodiment of the invention, the configuring step is optimized for specific network topologies. In this case the step of configuring includes supplying the tunnelers with a subset of information concerning other tunnelers, the subset of information being optimized for a particular network topology. The step of establishing a tunnel then includes one or more of the following steps:

(1) for a designated tunneler, sending a greeting to another designated tunneler with which it has been configured, and receiving a response confirming that a tunnel has been established;

(2) for a designated tunneler, sending a greeting to a nondesignated tunneler with which it has been configured, receiving a refusal response identifying a designated tunneler, redirecting the greeting to the designated tunneler identified in the refusal response, and receiving a response confirming that a tunnel has been established; and

(3) for a nondesignated tunneler, periodically transmitting multicast messages identifying the tunnelers with which it has been configured, and, for a designated tunneler, responding to a multicast message from a nondesignated tunneler, sending a greeting to one of the tunnelers contained in the multicast message, and receiving a response message confirming that a tunnel has been established.

The optimized configuration approach reduces the burden of having to manually configure every tunneler with knowledge of every other tunneler. The cost of this simplification is some added complexity in the establishment of tunnels, but the approach is worthwhile for some network topologies.

It will be understood that the invention also encompasses equivalent apparatus claims similar in scope to the various forms of the method discussed above.

It will be appreciated from the foregoing that the present invention represents a significant advance in the field of communication networks. In particular, the invention provides a novel way of logically interconnecting two LANs, even though they may be separated by wide area networks containing routers. The tunneling protocol of the invention effects this logical interconnection in a manner that permits user controlled filtering of the tunnel traffic, and precludes the formation of any closed loops. Traffic filtering may fulfill any desired network administration objectives, such as limiting traffic flow through a tunnel to selected protocols, or limiting flow through a tunnel to traffic having selected destination or source addresses. Other aspects and advantages of the invention will become apparent from the following more detailed description, taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS

FIGURE 1 is a simplified schematic diagram of one example of a network topology having multiple extended local area networks (XLANs) that are connected through a wide area network (WAN) having conventional routers;

FIG. 2 is a diagram similar to FIG. 1, but showing a different topology example;

FIG. 3 is a diagram similar to FIG. 1, but showing yet another topology example;

FIG. 4 is a flowchart depicting the operations performed in establishing tunnels;

FIG. 5 is a flowchart depicting the operations performed by a tunneler in processing and forwarding received messages; and

FIG. 6 is a diagram similar to FIGS. 1-3, but showing another topology, in which a configuration optimization is employed.


WO 92/12587 _ 9 _ PCT/GB92/00034 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

As shown in the drawings by way of illustration, the present invention is concerned with a novel technique for logically interconnecting multiple local area networks (LANs) or extended local area networks (XLANs), which may be separated by wide area networks (WANs) containing traditional routers. Neither routers nor bridges can perform this function in all situations, since routers do not support all communications protocols, and bridges are limited by the spanning tree algorithm and cannot forward traffic through traditional routers.

In accordance with the invention, each LAN or XLAN has a bridge-like device that is designated as the "tunneler" for that network, and logical connections, called tunnels, are established between pairs of tunnelers. Each such pair of tunnelers functions in much the same way as a bridge, in the sense that traffic is forwarded transparently from one network to another. Each tunneler has a connection to the LAN or XLAN of which it is the designated tunneler, and at least one connection to a WAN that separates the LANs or XLANs.

FIG. 1 is one example, in simplified form, of a network topology in which the invention may be used. The topology includes two extended LANs 10, 12, indicated as XLAN1 and XLAN2. XLAN1 has three LANs 14, 16, 18 connected by bridges B, indicated at 20, 22. XLAN2 12 is a single LAN. The rest of the topology is a WAN 24, referred to as a "WAN cloud." This includes any combination of LANs, point-to-point links, bridges, and routers. The WAN cloud 24 handles message traffic in accordance with conventional routing protocols, for instance (but not restricted to) the Open Systems Interconnection (OSI) Reference Model, developed by the International Standards Organization (ISO). The problem with which the invention is concerned is how to establish a communication link between XLAN1 and XLAN2, such that traffic can be forwarded through the WAN cloud 24, as optimally as possible, even if the source or destination of the traffic is not operating in accordance with the routing protocols in the WAN cloud. In this illustration, XLAN1 is connected to the WAN cloud 24 by six "tunnelers" indicated as T1, T2, T3, T4, T5, and T6, and XLAN2 is connected to the WAN cloud by two tunnelers T7 and T8. Tunneler T1 is connected to LAN 14, tunnelers T2 and T3 are connected to LAN 16, and tunnelers T4, T5 and T6 are connected to LAN 18. Each tunneler may be considered as performing in some ways like a bridge, but having additional tunneling capability, to be described in detail below.

The tunneling capability involves a preliminary procedure for establishing tunnels, and then a traffic handling procedure whereby traffic may be forwarded through the established tunnels. Establishing the tunnels is effected by two basic steps. First, a procedure is used to ensure that there is only one designated tunneler for each LAN or extended LAN under consideration. Second, the designated tunnelers are manually "configured" by an operator or network manager, to define the tunnels that can be established for each pair of LANs or extended LANs.

Although each LAN or extended LAN has only one designated tunneler, the same tunneler may perform the function of designated tunneler for more than one LAN or extended LAN. This point is not clear from FIG. 1 but will become apparent from a later example.

There are two alternatives for ensuring that each LAN or XLAN has only one designated tunneler. The first alternative, and probably the easiest to implement, is to use the same procedure that the spanning tree algorithm uses to elect a root bridge. In the spanning tree algorithm, a single bridge is elected and designated the "root bridge" for each extended LAN, to ensure that interconnected bridges in the extended LAN form a loop-free topology. If the same procedure is used to elect a tunneler, it must be used in such a way as to ensure that the elected bridge has tunneling capability. If only some of the bridges participating in the spanning tree algorithm have tunneling capability, some adjustment would need to be made to bridge priorities used in the spanning tree algorithm, to ensure that the bridge elected as the root bridge also has tunneling capability. Using the spanning tree algorithm to elect a designated tunneler has the advantage that the procedure already exists and is utilized by bridges in the network. Moreover, the spanning tree algorithm operates effectively even in periods of heavy traffic congestion.

The alternative to using an existing spanning tree algorithm to designate a tunneler is to implement a special election process among the potential tunnelers in each extended LAN. This algorithm could be closely duplicative of the spanning tree algorithm, wherein each tunneler transmits a previously assigned priority, and a collective election process eliminates all but one of the tunnelers. This has some disadvantages associated with the implementation of a special election procedure, principally additional cost and complexity. Moreover, there is no guarantee that such a procedure would work effectively in heavy traffic conditions. Since multicast messages look like ordinary data packets, and compete with other data packets for access to the network, election messages may be discarded under some conditions.
The other preliminary task is to configure, by network management, the tunnelers with the definitions of tunnels that should be built. For example, in FIG. 1, if the designated tunneler for XLAN1 is T1 and the designated tunneler for XLAN2 is T7, the tunnel between XLAN1 and XLAN2 would be defined by the network layer address of each end-point of the tunnel and by the port through which the end-point is connected to the appropriate XLAN. If T1 is connected to XLAN1 by its #1 port, and T7 is connected to XLAN2 by its #2 port, the complete definition of the tunnel is (T1,1), (T7,7). Tunneler T1 is configured with a corresponding tunnel definition as seen from the T1 end, i.e. (1,T7,2). Tunneler T7 is configured with a tunnel definition as seen from the T7 end, i.e. (2,T1,1).

Configuration optionally involves two other types of information. First, alternate tunnel definitions may be configured into the tunnelers. For example, T1 may be configured to use T8 as an alternate tunnel end-point, in the event that T7 is not available for some reason. The second type of additional configuration data includes a definition of the types of messages that will be forwarded over each tunnel. The tunnel may be used for only selected protocols, or for all types of traffic, or for traffic involving only selected destinations or sources, all at the option of the network manager.

After election of a designated tunneler for each LAN or extended LAN, and configuration of the designated tunnelers, tunnels are established by an exchange of messages between tunnelers that have been defined as tunnel end-points. For example, T1, having been configured to establish a tunnel to T7, will send a greeting message through the WAN cloud 24, addressed to T7. In essence, the greeting indicates that T1 wishes to establish a tunnel with T7. T7 sends a reply message, either assenting to the establishment of a tunnel, or indicating that it (T7) is not the designated tunneler for the requested port, or indicating that it (T7) has not been configured for this tunnel. Another possibility is that T7 cannot be reached for some reason, and no reply is received by T1. This exchange may take place in the opposite direction, depending on timing considerations. Or there may be a symmetrical exchange, with both tunnelers sending messages to their opposite numbers in the defined tunnel.

After a tunnel is established, such as the tunnel T1-T7, it functions in a similar fashion to a bridge connecting the two XLANs. When tunneler T1 "hears" a message on XLAN1, T1 forwards the message through the tunnel to tunneler T7, after first appending the network layer address for T7. On receiving such a message, tunneler T7 strips off the network layer address and forwards the message onto XLAN2. Traffic may also be transmitted through the tunnel in the opposite direction by the same mechanism.

The tunnelers have a bridge-like capability of learning the locations of stations from which messages have come. Each message has a source address, in the form of a data link layer address. When tunneler T1, for example, receives traffic through its #1 port, this traffic can be identified as having a source address in the direction of XLAN1. A subsequent message having a destination address that corresponds with a source address previously noted as emanating from XLAN1, need not be forwarded through the tunnel to T7. However, when the direction of a destination address is not known to the tunneler, the message is forwarded through the established tunnel to XLAN2.

FIG. 2 depicts another example of a topology, having a WAN cloud 24, two tunnelers T1 and T2, and a total of eight extended LANs, indicated as XLAN1 through XLAN8. XLAN1 through XLAN5 are connected to tunneler T1 through its ports #1 through #5, and XLAN6 through XLAN8 are connected to tunneler T2 through its ports #1 through #3. Tunneler T1 is connected through its additional port #6 to the WAN cloud 24 and tunneler T2 is connected to the WAN cloud through its additional port #4. T1 is the designated tunneler for extended LANs XLAN1 through XLAN5, and T2 is the designated tunneler for extended LANs XLAN6 through XLAN8. Tunnelers T1 and T2 may be configured to establish as many as fifteen tunnels between various pairs of XLANs connected to different tunnelers. For example, the tunnels from XLAN1 will be configured as:

(1,T2,1), for tunneling from XLAN1 to XLAN6,
(1,T2,2), for tunneling from XLAN1 to XLAN7,
and (1,T2,3), for tunneling from XLAN1 to XLAN8.

Four additional sets of three tunnels can be configured with XLAN2 through XLAN5 as the starting points. Additional tunnels may be established between pairs of XLANs connected to the same tunneler, such as XLAN4 and XLAN5. There are ten possible additional tunnels using only T1 for both tunnel endpoints, and three possible additional tunnels using T2 for both tunnel endpoints. Although XLAN4 and XLAN5, for example, can be connected using T1 as a conventional bridge, a tunnel may be a more desirable solution because it provides a convenient mechanism for filtering traffic between the two XLANs. Moreover, if the two XLANs are conventionally bridged by T1, their spanning trees will necessarily have to be merged and this may not be desirable.

For purposes of illustration, the WAN cloud 24 in FIGS. 1 and 2 has been shown as being separate from the other extended LANs in the topology. In general, however, the principles of the invention discussed above also apply if the cloud is considered to encompass the extended LANs between which the tunnels are established.

The requirement that there be only one designated tunneler for each extended LAN leads to a desirable, and not immediately obvious property of networks connected by tunnels. When tunnels are established in accordance with the invention, there is no possibility of closed loops being formed by any interconnection of the tunnels. This property can be understood from the further example of FIG. 3, which shows a topology including four extended LANs, XLAN1 through XLAN4, each of which has a designated tunneler T1 through T4, respectively. The established tunnels include T1-T2, T2-T3, T3-T4 and T4-T1, which form the sides of a square, together with T1-T3 and T2-T4, which form the diagonals of the square. At first sight, it might appear that a message could be circulated around the sides of the square in a closed loop, and that unwanted duplicate messages would be generated.

Suppose a message from XLAN1 is to be forwarded by tunneler T1, and that the destination is unknown to T1. T1 will forward the message over its three established tunnels, T1-T2, T1-T3 and T1-T4. If, for example, the message destination is on XLAN3, it will be forwarded there via tunnel T1-T3. Tunneler T2 will also receive a copy of the message, through tunnel T1-T2, but will not forward the message through a second tunnel, such as T2-T3. There is only one established tunnel between T1 and T3, and that is the "diagonal" tunnel T1-T3. Each tunneler is conditioned to operate such that traffic received through one tunnel should not be forwarded through another. Since there is only one designated tunneler for each extended LAN, this rule is simple to put into effect.

The procedure performed by each tunneler in establishing tunnels is shown in simplified flowchart form in FIG. 4. The tunneler first determines if it is the uniquely designated tunneler for a particular extended LAN (XLAN), as indicated in block 30, and then determines whether this tunneler has been configured as a tunneler to another XLAN, as indicated in block 32. If the answer to either of these questions is negative, the tunneler shifts its attention to other XLANs to which it may be connected (block 34) and repeats the questions of blocks 30 and 32. If the tunneler is a designated tunneler for a particular XLAN and has been configured as a tunneler to some other XLAN, the next step is to perform a communications "handshake" with the tunneler that has been configured as the other endpoint of the tunnel. The handshake, indicated in block 36, may take any of several forms, but two possible results of the handshake are that the establishment of the tunnel is confirmed, as indicated by line 38 from block 36, or that the establishment of the tunnel is refused for some reason, as indicated by line 40. In the latter case, there may be subsequent communication with an alternate tunnel endpoint, if one has been specified by configuration, as indicated in block 42. In any event, after establishment of a tunnel has been confirmed or refused, the tunneler repeats this entire process for other XLANs to which it may be connected, as indicated in block 34.
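The FIG. 4 procedure and the greeting replies described earlier (assent, not the designated tunneler, not configured, no reply) can be exercised with the following added example, which is not part of the original document. The reply names, the Node class, the alternates mapping and the port number assumed for T8 are assumptions of this sketch; the tunnel definitions use the (local port, remote tunneler, remote port) form given in the text.

```python
# Added example: FIG. 4 tunnel establishment with the greeting replies from the text.
# Reply names, Node, and the alternates mapping are assumptions of this sketch.
from dataclasses import dataclass, field

ACCEPT = "accept"
NOT_DESIGNATED = "refused: not designated tunneler for that port"
NOT_CONFIGURED = "refused: not configured for this tunnel"
NO_REPLY = "no reply"


@dataclass
class Node:
    name: str
    designated_ports: set   # ports whose XLAN currently has this node as designated tunneler
    config: list            # tunnel definitions seen from this end: (local port, remote, remote port)
    reachable: bool = True
    established: set = field(default_factory=set)

    def on_greeting(self, sender, sender_port, my_port):
        """Receiving side: assent only if designated for the port AND configured for this peer."""
        if my_port not in self.designated_ports:
            return NOT_DESIGNATED
        if (my_port, sender, sender_port) not in self.config:
            return NOT_CONFIGURED
        self.established.add((my_port, sender, sender_port))
        return ACCEPT


def greet(node, network, local_port, remote, remote_port):
    """Block 36: send a greeting through the WAN cloud and return the reply."""
    peer = network.get(remote)
    if peer is None or not peer.reachable:
        return NO_REPLY
    return peer.on_greeting(node.name, local_port, remote_port)


def establish(node, network, alternates=None):
    """Run the FIG. 4 loop for every configured tunnel; return [(definition tried, outcome)]."""
    alternates = alternates or {}
    log = []
    for definition in node.config:                      # blocks 32/34: each configured XLAN pair
        if definition[0] not in node.designated_ports:  # block 30: only the designated tunneler acts
            log.append((definition, "skipped: not designated here"))
            continue
        # Block 42: after a refusal or silence, try configured alternate endpoints in order.
        for local_port, remote, remote_port in [definition] + alternates.get(definition, []):
            reply = greet(node, network, local_port, remote, remote_port)
            log.append(((local_port, remote, remote_port), reply))
            if reply == ACCEPT:
                node.established.add((local_port, remote, remote_port))
                break
    return log


def fig1_network(t7_up=True, t7_designated=True):
    """Constructed FIG. 1 scenario: T1 port 1 on XLAN1, T7 port 2 on XLAN2, T8 port 2 (assumed)."""
    t8_designated = not (t7_up and t7_designated)       # T8 takes over XLAN2 if T7 is not designated
    net = {
        "T1": Node("T1", {1}, [(1, "T7", 2)]),
        "T7": Node("T7", {2} if t7_designated else set(), [(2, "T1", 1)], reachable=t7_up),
        "T8": Node("T8", {2} if t8_designated else set(), [(2, "T1", 1)]),
    }
    return net, {(1, "T7", 2): [(1, "T8", 2)]}


if __name__ == "__main__":
    for kwargs in ({}, {"t7_up": False}, {"t7_designated": False}):
        net, alt = fig1_network(**kwargs)
        print(kwargs, establish(net["T1"], net, alt))
```

A tunnel comes up only when both ends hold a matching definition, so a greeting from a tunneler that the receiving end was never configured with is refused rather than accepted.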

The operations performed by a tunneler in forwarding messages are summarized in FIG. 5. Like a bridge, a tunneler has multiple ports that are connected to separate LANs or XLANs. In addition to its physical ports, a tunneler may be considered to have a "tunneler port" for each established tunnel for which the tunneler serves as an end-point. When a message is received at a tunneler, as indicated at 50, the source address of the message is noted, in conjunction with the port from which the message was received, and a database of addresses and their port locations is developed. This learning function, indicated in block 52, includes learning the locations of addresses in terms of their corresponding "tunnel ports" of the tunneler.

If the destination of the received message is known from prior message activity, as determined in block 54, the identity of the port through which the message should be forwarded is already known, and the message may be forwarded, as indicated in block 56. The destination may, for example, be located on a LAN that is directly connected to the tunneler, in which case the message can be forwarded through the appropriate non-tunnel port. If the known destination may be reached through an established tunnel, and if the message is of a type that has been authorized for forwarding through a tunnel, then the message is forwarded through the established tunnel. This requires that a network layer address be appended to the message, giving the address of the receiving end-point of the tunnel. Then the message is forwarded through the tunnel.

If the destination of the received message is not known, the
tunneler next determines whether the message was received from a
tunnel, as indicated in block 58. If so, the message is simply
forwarded through the appropriate port that has been designated as
the tunnel receiving end-point, as indicated in block 60. The
message, having been received from a tunnel, is not forwarded
through any other tunnels, and the possibility of closed loops is
avoided. If the received message was not received from a tunnel, and
its destination is unknown, it should be forwarded through all
non-tunnel ports permitted by the spanning tree, and through all
tunnel ports, i.e. through all tunnels for which the tunneler is
functioning as an end-point, as indicated in block 62. In forwarding
through the tunnel ports, the tunneler must first check that the
tunnels have been established and that the message is of a type
authorized for forwarding through tunnels.
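The forwarding decision of FIG. 5 (blocks 52 to 62) can be traced with the following added example, which is not part of the patent text. The class and port names, the message-type labels "bridged" and "routed", and the rule that a message whose known destination lies on its arrival port is dropped are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Port:
    name: str
    is_tunnel: bool = False

@dataclass
class Tunneler:
    lan_ports: list        # non-tunnel ports permitted by the spanning tree
    tunnel_ports: list     # one tunnel port per tunnel terminated here
    established: set       # tunnel ports whose tunnel has been established
    authorized_types: set  # message types allowed through tunnels
    endpoint_port: dict    # tunnel port -> LAN port that is its receiving end-point
    table: dict = field(default_factory=dict)  # learned address -> port

    def _tunnel_ok(self, port, msg_type):
        # Both checks must pass before anything enters a tunnel.
        return port in self.established and msg_type in self.authorized_types

    def receive(self, src, dst, msg_type, in_port):
        """Return the ports the message is forwarded through (may be empty)."""
        self.table[src] = in_port                   # block 52: learn source
        out = self.table.get(dst)
        if out is not None:                         # block 54: destination known
            if out == in_port:
                return []  # assumption: ordinary bridge filtering
            if out.is_tunnel and not self._tunnel_ok(out, msg_type):
                return []  # known destination, but not authorized for the tunnel
            return [out]                            # block 56
        if in_port.is_tunnel:                       # block 58: came from a tunnel
            # block 60: only the receiving end-point port, never another tunnel
            return [self.endpoint_port[in_port]]
        # block 62: flood LAN ports (except the arrival port) and eligible tunnels
        flood = [p for p in self.lan_ports if p != in_port]
        flood += [t for t in self.tunnel_ports if self._tunnel_ok(t, msg_type)]
        return flood

def demo():
    """Constructed scenario: two LAN ports, one established and one pending tunnel."""
    lan_a, lan_b = Port("lan_a"), Port("lan_b")
    tun1, tun2 = Port("tun1", True), Port("tun2", True)
    t = Tunneler([lan_a, lan_b], [tun1, tun2], {tun1}, {"bridged"},
                 {tun1: lan_a, tun2: lan_b})
    steps = [
        ("h1", "h9", "bridged", lan_a),  # unknown dst from LAN: flood + tun1
        ("h1", "h9", "routed", lan_a),   # unknown dst, type not authorized
        ("h7", "h8", "bridged", tun1),   # unknown dst from tunnel: end-point only
        ("h9", "h1", "bridged", tun1),   # h1 was learned on lan_a
        ("h1", "h9", "bridged", lan_a),  # h9 was learned behind tun1
        ("h1", "h9", "routed", lan_a),   # same destination, filtered type
    ]
    return [[p.name for p in t.receive(*s)] for s in steps]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third step shows the loop-avoidance rule: a message that arrives from a tunnel with an unknown destination goes only to the receiving end-point port and into no other tunnel.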

The foregoing description is not intended to preclude the
possibility of a tunnel being established between two extended LANs
connected to the same tunneler, i.e. where one tunneler is used as
both endpoints of a tunnel, but using different ports, of course.
Although this type of interconnection could be handled by the
conventional bridge function, the tunnel mechanism provides the
additional capability of filtering traffic in some desired way, such
that only certain categories will be allowed to pass through the
tunnel. Also, as noted earlier, using the tunneling mechanism avoids
having to merge the spanning trees of the two bridged networks.

The tunneling mechanism described above works to advantage in any of
a variety of network configurations. In particular, the use of
tunnels in accordance with the invention allows traffic to be
bridged from one extended LAN to another, even when an interposed
WAN includes routers. Considered from another perspective, the
invention provides a means for addressing extended LANs.
Conventional communications protocols provide no means for
addressing LANs and extended LANs, but the invention achieves this
objective since a designated tunneler and an associated port are
unique to a LAN or extended LAN. Thus the tunneler-port
identification also identifies the LAN. Moreover, tunneling is
achieved by a mechanism that precludes the formation of undesirable
closed loops, allows grouping of tunnelers to designate alternates,
and can make use of an existing spanning tree algorithm to elect a
designated tunneler for each extended LAN.

Tunnel configuration, in accordance with the invention as described
thus far, requires each potential tunneler to be configured with a
knowledge of all of the other potential tunnelers. For example, in
the topology of FIG. 1, each of the six tunnelers connected to XLAN1
has to be configured with knowledge of the two tunnelers connected
to XLAN2 and each of the two tunnelers connected to XLAN2 has to be
configured with knowledge of all six of the tunnelers connected to
XLAN1. In total there will be 2 x 6 pieces of configuration
information for the FIG. 1 topology. In an alternate embodiment of
the invention, the amount of configuration information can be
reduced, or optimized, based on knowledge of the specific network
topology in which the invention is being used. An example of a
topology in which such an optimization scheme could be used is shown
in FIG. 6.

FIG. 6 shows four extended LANs, designated XLAN1, XLAN2, XLAN3 and
XLAN4. XLAN1 is connected to a tunneler T1, which is connected to
another tunneler T2 through a point-to-point link L1. The tunneler
T2 is connected by another port to XLAN4. Similarly, XLAN2 is
connected to XLAN4 through a path comprising tunneler T4, link L2,
and tunneler T3. Finally, XLAN3 is connected to XLAN4 through a path
comprising tunneler T5, link L3, and tunneler T6. The links L1, L2,
L3, may be considered a special case of the WAN shown in FIG. 1. In
the configuration of FIG. 6, it is further assumed that there is a
desire to build tunnels from XLAN4 to each of the other extended
LANs, XLAN1, XLAN2 and XLAN3.

In accordance with this embodiment of the invention, every tunneler
does not have to be configured with information concerning every
other possible tunneler. For example, in the network configuration
of FIG. 6 it would only be necessary to configure a tunnel between
T1 and T2 (for XLAN1-XLAN4), another tunnel between T3 and T4 (for
XLAN2-XLAN4), and another tunnel between T5 and T6 (for
XLAN3-XLAN4). There is no point in configuring T1 with knowledge of
T3 and T6, because the latter two tunnelers cannot be reached from
T1 if T2 is inoperative. Of course, this arrangement using three
tunnelers connected with XLAN4 is inconsistent with the notion that
there is only one tunneler for each XLAN.

In this optimization approach of the invention, there are three
possible ways that a tunneler would know whether to build a tunnel.
The first is the manual configuration technique as described for the
basic form of the invention. Thus, if T2 were the designated
tunneler for XLAN4, the tunnel from T1 to T2 would be established as
a result of this basic manual configuration technique. The second
technique is by multicast advertisement, and the third is by
redirection, both of which need further explanation.

A multicast message is one directed to multiple destinations. In the
second technique for establishing tunnels, if a tunneler is not
elected the designated tunneler for a particular XLAN, it
periodically multicasts the set of tunnels with which it has been
manually configured. Thus, T3, which is not the designated tunneler,
would advertise by multicast messages that it had been configured to
form a tunnel with T4. The designated tunneler T2, upon hearing of
the advertised T3-T4 tunnel from T3's multicast, establishes a
second tunnel, between T2 and T4. This would certainly not be an
optimally routed tunnel. A message from XLAN4 bound for XLAN2 would
proceed to tunneler T2, which would forward the message to the other
tunnel endpoint, T4, but through XLAN4 and T3. Similarly, tunneler
T6 would advertise a tunnel from T6 to T5, with which it had been
configured, and the designated tunneler would receive T6's multicast
advertisement and establish a tunnel from T2 to T5.

Tunnel establishment by redirection occurs when a tunneler attempts
communication with a tunneler that has not been elected the
designated tunneler. The return message from the non-designated
tunneler includes the identity of the designated tunneler, so the
tunneler attempting communication is made aware which tunneler, and
which of its ports on that XLAN, will accept the tunnel request. A
simple protocol is provided, to require the designated tunneler to
advertise its identity, including a port number, to others on the
same XLAN. For example, tunneler T5 has been configured to establish
a tunnel with T6, but T6 is not the designated tunneler. A response
message from T6 redirects T5 to the designated tunneler T2. T6 has
knowledge of the designated tunneler T2 from "advertising" messages
it has previously received from T2. Similarly, tunneler T3 redirects
T4 to the designated tunneler T2. Communication in a direction
toward XLAN4 is also non-optimal. For example, a message from XLAN3
over tunnel T5-T2 is constrained to first visit the designated
tunneler T2, which is reached through XLAN4, before returning to
XLAN4 for delivery to its final destination.
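The three establishment techniques (manual configuration, multicast advertisement, redirection) can be run against the FIG. 6 topology with the following added example, which is not part of the patent text. It assumes T1, T4 and T5 are the designated tunnelers of XLAN1, XLAN2 and XLAN3, that a designated tunneler accepts any greeting it receives, and the function and mapping names are hypothetical.

```python
def establish_tunnels(designated, xlan_of, configured):
    """Return {frozenset({a, b}): set of mechanisms} for every tunnel formed.

    designated: XLAN name -> its designated tunneler
    xlan_of:    tunneler -> XLAN on which it takes part in the election
    configured: tunneler -> set of peers it was manually configured with
    """
    tunnels = {}

    def is_designated(t):
        return designated[xlan_of[t]] == t

    def greet(sender, peer, how):
        if not is_designated(peer):
            # The refusal response names the designated tunneler of the
            # peer's XLAN; the sender redirects its greeting there.
            peer, how = designated[xlan_of[peer]], "redirect"
        if peer != sender:
            # Assumption: a designated tunneler confirms every greeting.
            tunnels.setdefault(frozenset((sender, peer)), set()).add(how)

    for t in sorted(configured):
        if is_designated(t):
            # Technique 1 (and 3, if the peer turns out not to be designated).
            for peer in sorted(configured[t]):
                greet(t, peer, "manual")
        else:
            # Technique 2: t multicasts its configured peers on its XLAN and
            # the designated tunneler there sends the greeting instead.
            for peer in sorted(configured[t]):
                greet(designated[xlan_of[t]], peer, "multicast")
    return tunnels


def fig6():
    """FIG. 6 as described above: T2, T3 and T6 sit on XLAN4, T2 is designated."""
    designated = {"XLAN1": "T1", "XLAN2": "T4", "XLAN3": "T5", "XLAN4": "T2"}
    xlan_of = {"T1": "XLAN1", "T2": "XLAN4", "T3": "XLAN4",
               "T4": "XLAN2", "T5": "XLAN3", "T6": "XLAN4"}
    # Only the three configured pairs named in the text.
    configured = {"T1": {"T2"}, "T2": {"T1"}, "T3": {"T4"},
                  "T4": {"T3"}, "T5": {"T6"}, "T6": {"T5"}}
    return establish_tunnels(designated, xlan_of, configured)


if __name__ == "__main__":
    for pair, how in sorted(fig6().items(), key=lambda kv: sorted(kv[0])):
        print(sorted(pair), sorted(how))
```

Every resulting tunnel terminates at T2 on the XLAN4 side, and the T2-T4 and T2-T5 tunnels are each reachable by both multicast advertisement and redirection.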

The advantage of optimization by this approach is that the storage
and time requirements for manual configuration are greatly reduced.
The trade-offs for this improvement are that message routing is
likely to be further removed from optimal, and the approach is not
universally applicable to all network configurations.

It will be appreciated from the foregoing that the present invention
represents a significant advantage in the field of interconnected
local area networks (LANs). In particular, the invention permits
LANs to be bridged together through an established communications
tunnel even when they are separated by network components that
include routers. Each tunnel established in accordance with the
invention provides for user-specified filtering, wherein traffic
flowing through the tunnel may be limited, at the user's option, to
specific categories or protocols, or may be limited in other ways,
such as by source or destination. As described, the tunnel mechanism
of the invention inherently precludes closed loops in the
interconnected network. The basic tunneling approach provides for
grouping of tunnelers to define alternatives in the event of an
inoperative tunneler. In the optimization approach described, manual
tunneling configuration is greatly reduced for some network
configurations. It will also be appreciated that, although a basic
embodiment and a specifically optimized version of the invention
have been described in detail for purposes of illustration, various
modifications may be made without departing from the spirit and
scope of the invention. Accordingly, the invention is not to be
limited except as by the appended claims.

CLAIMS

We claim:

1. A method for logically connecting local area networks (LANs)
interconnected by network components that include bridges and may
include routers, the method comprising the steps of:

providing selected bridges with the capability to form tunnels
between LANs that may be widely separated, such bridges being
referred to as tunnelers;

electing a unique designated tunneler for each extended LAN (XLAN)
for which tunneling is to be provided, wherein each XLAN has no more
than one designated tunneler, but a single tunneler may be
designated by more than one XLAN;

configuring the tunnelers by supplying each with information
identifying other tunnelers with which a tunnel may be established;

establishing at least one tunnel between two designated tunnelers,
by exchanging messages between the two tunnelers; and

selectively forwarding message traffic through the established
tunnel, from one LAN to another.

2. A method as defined in claim 1, wherein the step of electing a
unique designated tunneler for each XLAN includes:

executing a spanning tree algorithm among all of the bridges
connected to the XLAN, and thereby electing a root bridge; and

ensuring that the root bridge has tunneling capability.

3. A method as defined in claim 1, wherein the step of configuring
the tunnelers includes:

supplying to each tunneler the identities of other tunnelers and the
identities of ports through which the other tunnelers are connected
to XLANs with which they are associated.

4. A method as defined in claim 3, wherein the step of establishing
at least one tunnel includes:

transmitting a greeting from a designated tunneler to each other
tunneler that is a potential tunnel endpoint;

receiving a message from one of the potential tunnel endpoints
confirming that a tunnel may be established; and

recording that a tunnel has been established.

5. A method as defined in claim 1, wherein the step of configuring
the tunnelers includes:

supplying to each tunneler the identities of other tunnelers, the
identities of ports through which the other tunnelers are connected
to XLANs with which they are associated, and an indication of
tunneler priorities, to facilitate establishment of tunnels between
tunnel endpoints.

6. A method as defined in claim 5, wherein the step of establishing
at least one tunnel includes:

transmitting a greeting from a designated tunneler to another
designated tunneler that is a potential tunnel endpoint;

receiving a message from the other designated tunneler confirming
that a tunnel may be established; and

recording that a tunnel has been established.

7. A method as defined in claim 5, wherein the step of establishing
at least one tunnel includes:

transmitting a greeting from a designated tunneler to another
designated tunneler that is a potential tunnel endpoint;

transmitting, after failing to receive a confirming message from the
other designated tunneler, a greeting to at least one backup
tunneler;

receiving a message from the backup tunneler confirming that a
tunnel may be established; and

recording that a tunnel has been established.

8. A method as defined in claim 1, wherein the step of selectively
forwarding message traffic through the established tunnel includes:

receiving a message at a tunneler;

determining whether the message destination is known to the
tunneler;

if the destination is known, performing the steps of

determining whether the destination requires forwarding through a
tunnel, and

if so, forwarding the message through the tunnel, if the tunnel has
been established and the message is of a type authorized for
forwarding through the tunnel;

if the destination is not known, determining whether the message was
received from a tunnel;

if the message was received from a tunnel, forwarding the message
through a port defined as the tunnel endpoint;

if the message was not received from a tunnel and the message
destination is not known, performing the steps of

forwarding the message over all permissible non-tunnel ports, and

forwarding the message through all established tunnels, if any, for
which this tunneler is a sending endpoint, if the message is of a
type authorized for tunnel transmission.

9. A method as defined in claim 8, wherein the step of forwarding a
message through a tunnel includes:

appending to the message a destination address that includes the
address of a receiving endpoint tunneler of the tunnel, and also
includes a port identifier that defines, in part, the receiving
endpoint of the tunnel; and

transmitting the message through an appropriate port to reach the
receiving endpoint of the tunnel.

10. A method as defined in claim 9, wherein:

if the message was received from a tunnel the method further
comprises the step of stripping, from the received message, the
tunnel receiving endpoint address, before forwarding the message
through the tunnel receiving endpoint port.

11. A method as defined in claim 8, wherein the step of selectively
forwarding messages through a tunnel includes the further step of:

updating, if necessary, a database of destinations, by means of
address information obtained from each message source.

12. A method as defined in claim 1, wherein:

the step of configuring includes supplying the tunnelers with a
subset of information concerning other tunnelers, the subset of
information being optimized for a particular network topology; and

the step of establishing a tunnel includes the steps of

(1) for a designated tunneler, sending a greeting to another
designated tunneler with which it has been configured, and receiving
a response confirming that a tunnel has been established,

(2) for a designated tunneler, sending a greeting to a nondesignated
tunneler with which it has been configured, receiving a refusal
response identifying a designated tunneler, redirecting the greeting
to the designated tunneler identified in the refusal response, and
receiving a response confirming that a tunnel has been established,
and

(3) for a nondesignated tunneler, periodically transmitting
multicast messages identifying the tunnelers with which it has been
configured, and, for a designated tunneler, responding to a
multicast message from a nondesignated tunneler, by sending a
greeting to one of the tunnelers contained in the multicast message,
and receiving a response message confirming that a tunnel has been
established.

13. A method for logically connecting local area networks (LANs)
interconnected by network components that include bridges and may
include routers, the method comprising the steps of:

providing some of the bridges with the capability to form tunnels
between LANs that may be widely separated, such bridges being
referred to as tunnelers;

electing a unique designated tunneler for each extended LAN (XLAN)
for which tunneling is to be provided, wherein each XLAN has no more
than one designated tunneler, but a single tunneler may be
designated by more than one XLAN;

configuring the tunnelers by supplying each tunneler with the
identities of other tunnelers and the identities of ports through
which the other tunnelers are connected to XLANs with which they are
associated;

establishing at least one tunnel between two designated tunnelers,
by transmitting a greeting from a designated tunneler to each other
tunneler that is a potential tunnel endpoint, receiving a message
from one of the potential tunnel endpoints confirming that a tunnel
may be established, and recording that a tunnel has been
established; and

selectively forwarding message traffic through the established
tunnel, from one LAN to another.

14. A method as defined in claim 13, wherein the step of selectively
forwarding message traffic through the established tunnel includes:

receiving a message at a tunneler;

determining whether the message destination is known to the
tunneler;

if the destination is known, performing the steps of

determining whether the destination requires forwarding through a
tunnel, and

if so, forwarding the message through the tunnel, if the tunnel has
been established and the message is of a type authorized for
forwarding through the tunnel;

if the destination is not known, determining whether the message was
received from a tunnel;

if the message was received from a tunnel, forwarding the message
through a port defined as the tunnel endpoint;

if the message was not received from a tunnel and the message
destination is not known, performing the steps of

forwarding the message over all non-tunnel ports except one through
which the message was received,

forwarding the message through all established tunnels, if any, for
which this tunneler is a sending endpoint, if the message is of a
type authorized for tunnel transmission.

15. A method as defined in claim 14, wherein the step of forwarding
a message through a tunnel includes:

appending to the message a destination address that includes the
address of a receiving endpoint tunneler of the tunnel, and also
includes a port identifier that defines, in part, the receiving
endpoint of the tunnel; and

transmitting the message through an appropriate port to reach the
receiving endpoint of the tunnel.

16. A method as defined in claim 15, wherein:

if the message was received from a tunnel the method further
comprises the step of stripping, from the received message, the
tunnel receiving endpoint address, before forwarding the message
through the tunnel receiving endpoint port.

17. Apparatus for logically connecting local area networks (LANs)
interconnected by network components that include bridges and may
include routers, the apparatus comprising:

a plurality of bridges with the capability to form tunnels between
LANs that may be widely separated, such bridges being referred to as
tunnelers;

means contained collectively within the tunnelers, for electing a
unique designated tunneler for each extended LAN (XLAN) for which
tunneling is to be provided, wherein each XLAN has no more than one
designated tunneler, but a single tunneler may be designated by more
than one XLAN;

means for configuring the tunnelers by supplying each with
information identifying other tunnelers with which a tunnel may be
established;

means contained collectively in at least two tunnelers, for
establishing at least one tunnel between two of the tunnelers, by
exchanging messages between the two tunnelers; and

means contained within each tunneler, for selectively forwarding
message traffic through the established tunnel, from one LAN to
another.

18. Apparatus as defined in claim 17, wherein the means for electing
a unique designated tunneler for each XLAN includes:

means for executing a spanning tree algorithm among all of the
bridges connected to the XLAN, and thereby electing a root bridge;
and

means for ensuring that the root bridge has tunneling capability.

19. Apparatus as defined in claim 17, wherein the means for
configuring the tunnelers includes:

means for supplying to each tunneler the identities of other
tunnelers and the identities of ports through which the other
tunnelers are connected to XLANs with which they are associated.

20. Apparatus as defined in claim 19, wherein the means for
establishing at least one tunnel includes:

means for transmitting a greeting from a designated tunneler to each
other tunneler that is a potential tunnel endpoint;

means for receiving a message from one of the potential tunnel
endpoints confirming that a tunnel may be established; and

means for recording that a tunnel has been established.

21. Apparatus as defined in claim 17, wherein the means for
configuring the tunnelers includes:

means for supplying to each tunneler the identities of other
tunnelers, the identities of ports through which the other tunnelers
are connected to XLANs with which they are associated, and an
indication of tunneler priorities, to facilitate establishment of
tunnels between tunnel endpoints.

22. Apparatus as defined in claim 20, wherein the means for
establishing at least one tunnel includes:

means for transmitting a greeting from a designated tunneler to
another designated tunneler that is a potential tunnel endpoint;

means for receiving a message from the other designated tunneler
confirming that a tunnel may be established; and

means for recording that a tunnel has been established.

23. Apparatus as defined in claim 20, wherein the means for
establishing at least one tunnel includes:

means for transmitting a greeting from a designated tunneler to
another designated tunneler that is a potential tunnel endpoint;

means for transmitting, after failing to receive a confirming
message from the other designated tunneler, a greeting to at least
one backup tunneler;

means for receiving a message from the backup tunneler confirming
that a tunnel may be established; and

means for recording that a tunnel has been established.

24. Apparatus as defined in claim 17, wherein the means for
selectively forwarding message traffic through the established
tunnel includes:

means for receiving a message at a tunneler;

means for determining whether the message destination is known to
the tunneler;

means operative if the destination is known, for

determining whether the destination requires forwarding through a
tunnel, and

if so, forwarding the message through the tunnel, if the tunnel has
been established and the message is of a type authorized for
forwarding through the tunnel;

means operative if the destination is not known, for determining
whether the message was received from a tunnel;

means operative if the message was received from a tunnel, for
forwarding the message through a port defined as the tunnel
endpoint;

means operative if the message was not received from a tunnel and
the message destination is not known, for

forwarding the message over all permissible non-tunnel ports, and

forwarding the message through all established tunnels, if any, for
which this tunneler is a sending endpoint, if the message is of a
type authorized for tunnel transmission.

25. Apparatus as defined in claim 24, wherein the means for
forwarding a message through a tunnel includes:

means for appending to the message a destination address that
includes the address of a receiving endpoint tunneler of the tunnel,
and also includes a port identifier that defines, in part, the
receiving endpoint of the tunnel; and

means for transmitting the message through an appropriate port to
reach the receiving endpoint of the tunnel.

26. Apparatus as defined in claim 25, and further comprising:

means operative if the message was received from a tunnel, for
stripping from the received message the tunnel receiving endpoint
address, before forwarding the message through the tunnel receiving
endpoint port.

27. Apparatus as defined in claim 17, wherein:

the means for configuring includes means for supplying the tunnelers
with a subset of information concerning other tunnelers, the subset
of information being optimized for a particular network topology;
and

the means for establishing a tunnel includes

(1) for a designated tunneler, means for sending a greeting to
another designated tunneler with which it has been configured, and
receiving a response confirming that a tunnel has been established,

(2) for a designated tunneler, means for sending a greeting to a
nondesignated tunneler with which it has been configured, means for
receiving a refusal response identifying a designated tunneler,
means for redirecting the greeting to the designated tunneler
identified in the refusal response, and receiving a response
confirming that a tunnel has been established, and

(3) for a nondesignated tunneler, means for periodically
transmitting multicast messages identifying the tunnelers with which
it has been configured, and, for a designated tunneler, means for
responding to a multicast message from a nondesignated tunneler, by
sending a greeting to one of the tunnelers contained in the
multicast message, and receiving a response message confirming that
a tunnel has been established.

28. A method for logically connecting local area 
network substantially as described with reference to the 
accompanying drawings. 

29. Apparatus for logically connecting local area 
networks substantially as described with reference to the 
accompanying drawings. 